authorElizabeth Alexander Hunt <me@liz.coffee>2025-05-07 18:10:57 -0700
committerElizabeth Alexander Hunt <me@liz.coffee>2025-05-07 18:10:57 -0700
commitb8ffbfe27eae919750ef4d3facf02393d1004287 (patch)
tree78a22cffd1a387a1f482aac78a93fb951dcc81bb /playbooks/roles/oci
parent59417f290463d3aabbf3ec2ab8e75703928db217 (diff)
downloadinfra-b8ffbfe27eae919750ef4d3facf02393d1004287.tar.gz
infra-b8ffbfe27eae919750ef4d3facf02393d1004287.zip
.git was corrupted on the machine i worked on these many commits. so here it is all at once :P
Diffstat (limited to 'playbooks/roles/oci')
-rw-r--r--playbooks/roles/oci/tasks/main.yml8
-rw-r--r--playbooks/roles/oci/templates/stacks/docker-compose.yml48
-rw-r--r--playbooks/roles/oci/templates/volumes/config.toml35
-rw-r--r--playbooks/roles/oci/templates/volumes/images/.gitkeep0
4 files changed, 91 insertions, 0 deletions
diff --git a/playbooks/roles/oci/tasks/main.yml b/playbooks/roles/oci/tasks/main.yml
new file mode 100644
index 0000000..d9c3b56
--- /dev/null
+++ b/playbooks/roles/oci/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Deploy oci
+ ansible.builtin.import_tasks: manage-docker-swarm-service.yml
+ vars:
+ service_name: oci
+ template_render_dir: "../templates"
+ service_destination_dir: "{{ oci_base }}"
diff --git a/playbooks/roles/oci/templates/stacks/docker-compose.yml b/playbooks/roles/oci/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..8b40356
--- /dev/null
+++ b/playbooks/roles/oci/templates/stacks/docker-compose.yml
@@ -0,0 +1,48 @@
+services:
+ valkey:
+ image: valkey/valkey:8.0.2
+ networks:
+ - oci
+
+ oci:
+ image: ghcr.io/simple-registry/simple-registry:main
+ command: "server"
+ volumes:
+ - {{ oci_base }}/volumes/config.toml:/config.toml
+ - {{ oci_base }}/volumes/images:/images
+ environment:
+ - TZ={{ timezone }}
+ - DEPLOYMENT_TIME={{ deployment_time }}
+ - RUST_LOG=info
+ networks:
+ - proxy
+ - oci
+ healthcheck:
+ test: ["CMD", "/simple-registry", "scrub"]
+ timeout: 10s
+ interval: 30s
+ retries: 2
+ start_period: 5s
+ deploy:
+ mode: replicated
+ update_config:
+ parallelism: 1
+ failure_action: rollback
+ order: start-first
+ monitor: 5s
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.oci.tls=true
+ - traefik.http.routers.oci.tls.certResolver=letsencrypt
+ - traefik.http.routers.oci.rule=Host(`{{ oci_domain }}`)
+ - traefik.http.routers.oci.entrypoints=websecure
+ - traefik.http.services.oci.loadbalancer.server.port=8000
+
+networks:
+ oci:
+ attachable: true
+ driver: overlay
+ proxy:
+ external: true
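Review bot: `image: ghcr.io/simple-registry/simple-registry:main` tracks a moving branch tag, so each redeploy (and each `failure_action: rollback`) can pull a different build with no record of what actually ran; pin it to a release tag or a digest (`image: ghcr.io/simple-registry/simple-registry@sha256:<digest>`, digest to be filled in) so the stack is reproducible and a rollback really returns to the previous image. Separately, valkey is started without any authentication while the `oci` network is declared `attachable: true`, which lets any container later attached to that network on the swarm read or flush the registry's lock and cache store. Unless something outside this role needs to attach, drop `attachable: true`; otherwise configure a password on valkey and carry it in the redis URLs in config.toml. It is also worth confirming that `scrub` in the healthcheck is cheap enough to run every 30s, since a full integrity pass as a liveness probe could mark the service unhealthy under normal load.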
diff --git a/playbooks/roles/oci/templates/volumes/config.toml b/playbooks/roles/oci/templates/volumes/config.toml
new file mode 100644
index 0000000..6d2f199
--- /dev/null
+++ b/playbooks/roles/oci/templates/volumes/config.toml
@@ -0,0 +1,35 @@
+[server]
+bind_address = "0.0.0.0"
+port = 8000
+streaming_chunk_size = "5MiB"
+
+[lock_store.redis]
+url = "redis://valkey:6379"
+ttl = 5
+
+[cache_store.redis]
+url = "redis://valkey:6379"
+ttl = 5
+
+[storage.fs]
+root_dir = "/images"
+
+[observability.tracing]
+endpoint = "http://127.0.0.1:4317"
+sampling_rate = 1.0
+
+[identity.ci]
+username = "ci"
+password = "{{ simple_registry_password_argon_encoded }}"
+
+[identity.readonly]
+username = "readonly"
+password = "$argon2i$v=19$m=16,t=2,p=1$TjJyTEdIZUJ6dFZkdlZvSg$qf8vG09O93Z/9vUMCgWNtA" # readonly
+
+[repository."img"]
+
+[repository."img".access_policy]
+default_allow = false
+rules = [
+ 'request.action.startsWith("get-") || request.action.startsWith("list-") || identity.id == "ci"'
+]
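Review bot: The `# readonly` comment beside the `[identity.readonly]` hash discloses the plaintext, so the hash protects nothing and anyone with access to the repo can authenticate as that identity; the encoded parameters (`m=16,t=2,p=1`, i.e. 16 KiB of memory and two passes) are also far below current argon2 guidance, so the value would not resist offline guessing even without the comment. Treat it like the `ci` identity: derive the hash with stronger parameters from a secret kept outside the repo and template it in, e.g. `password = "{{ simple_registry_readonly_password_argon_encoded }}"` (constructed variable name), and drop the inline comment. Since the access-policy rule already allows any `get-`/`list-` action regardless of identity, it is worth confirming whether a readonly identity is needed at all. The tracing `endpoint = "http://127.0.0.1:4317"` points at the container's own loopback and no collector is defined in the stack, so spans will presumably be dropped; either point it at a collector service reachable on the `oci` network or remove the `[observability.tracing]` section.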
diff --git a/playbooks/roles/oci/templates/volumes/images/.gitkeep b/playbooks/roles/oci/templates/volumes/images/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/oci/templates/volumes/images/.gitkeep